pacapana — a tool suite to analyse protocol streams


Pacapana is a tool suite to analyse protocol streams and prepare flow characteristics. Understanding protocol interaction from explicitly exchanged information (e.g. TCP options), or detecting less obvious protocol properties based on stream causalities, is one potential use case of pacapana.

On the other hand, the tool suite can be used to gather information about network infrastructures and detect potential bottlenecks (think about superfluous timeouts et cetera). Pacapana parses PCAP data files, saved in the well-known data format for capturing network traffic, runs the selected routines and leaves it up to you to interpret the results. Realtime analysis isn't supported because it isn't the main use case of pacapana: it's an offline tool.

Provided Functionality

Core Functionality:

Supported Protocols:

  • DCCP
  • UDPLite
  • UDP
  • TCP
  • SCTP
  • TIPC
  • ARP
  • RARP
  • IPv4



svn co



# svn co
git svn clone https://$

# svn up
git svn rebase

# svn commit
git svn dcommit


./waf configure --prefix=/usr
./waf build
su -c './waf install'

Handy PCAP Filter Expressions

# filter only packets coming from web (port 80)
tcp src port 80

# filter for packets coming from host
src host

# filter packets received from and sent to

# filter only SYN packets
tcp[13] = 2

# filter for SYN or SYN/ACK
tcp[13] & 2 = 2

# filter ARP packets
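
The two SYN filters above differ in which flag combinations they accept. The following added example (not part of pacapana; all function names and the sample capture are constructed for illustration) parses a small in-memory PCAP file and counts the packets each expression would match:

```python
import struct

SYN, ACK, ECE, CWR = 0x02, 0x10, 0x40, 0x80

def tcp_frame(flags):
    """Constructed Ethernet/IPv4/TCP frame (documentation addresses, no payload)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return eth + ip + tcp

def build_pcap(frames):
    """Classic little-endian pcap: 24-byte global header, then 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def tcp_flag_bytes(pcap):
    """Yield tcp[13] (the flags byte) of each unfragmented IPv4/TCP packet."""
    magic, = struct.unpack_from("<I", pcap, 0)
    linktype, = struct.unpack_from("<I", pcap, 20)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("only little-endian Ethernet pcap is handled here")
    off = 24
    while off + 16 <= len(pcap):
        incl_len, = struct.unpack_from("<I", pcap, off + 8)
        pkt = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue                                  # not IPv4 carrying TCP
        if struct.unpack_from("!H", pkt, 20)[0] & 0x1FFF:
            continue                                  # later fragment: no TCP header
        ihl = (pkt[14] & 0x0F) * 4                    # IP options shift the TCP header
        if len(pkt) >= 14 + ihl + 14:
            yield pkt[14 + ihl + 13]

def count_matches(pcap):
    """Return (packets matching 'tcp[13] = 2', packets matching 'tcp[13] & 2 = 2')."""
    flags = list(tcp_flag_bytes(pcap))
    return sum(f == 2 for f in flags), sum(f & 2 == 2 for f in flags)

# Constructed capture: SYN, SYN/ACK, plain ACK, and an ECN-setup SYN (SYN|ECE|CWR).
SAMPLE = build_pcap([tcp_frame(SYN), tcp_frame(SYN | ACK), tcp_frame(ACK),
                     tcp_frame(SYN | ECE | CWR)])

if __name__ == "__main__":
    print(count_matches(SAMPLE))
```

The exact-match form skips the ECN-setup SYN because ECE and CWR are set alongside SYN, while the masked form counts it together with the SYN/ACK.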

Here are two worthwhile resources with useful examples:

Examples - Use Cases

Use Case 1 - Throughput Analysis


Feel free to drop a line:

Hagen Paul Pfeifer     hagen© (replace © with @)